In a simple two-way communication between a sender computing system and a receiver computing system, the sender computing system may execute an application that transmits an electronic message to the receiver computing system. The message may include service data on which the receiver is to perform a service as well as authentication data identifying a user.
The identified user may be a principal under whom the application is executed in the sender, or a fixed anonymous user that is statically configured in the sender. The receiver uses the authentication data to perform an authentication action for logging the user into the receiver system. If the authentication action is successful, the receiver executes code under the user to perform the service on the service data.
As a result, the code (i.e., the receiver application) may be considered a part of the sender application executed under a same application user. This arrangement provides tailored application permissions in the receiver system and the ability to audit transactions in the receiver system caused by the application user.
A mediated communication scenario inserts an intermediary component between the sender and the receiver. The intermediary component may determine a receiver to which a message initiated by the sender is to be sent and may perform some transformation services on the message before forwarding the transformed message to the determined receiver. However, some authentication mechanisms rely on the integrity of the originally-sent message (i.e., the message must not be transformed). Moreover, the intermediary component itself may require authentication.
Systems are desired for efficiently enabling login of a sender computing system user at a receiver computing system in a mediated communication scenario.